The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025.

Configure threat feeds

Active threat response consists of MDR threat feeds, Sophos X-Ops threat feeds, and third-party threat feeds.

Threat feeds

Note

You can import and export threat exclusions, but you can't import or export threat feed configurations.

How the firewall implements threat feeds

The firewall first implements MDR threat feeds, followed by Sophos X-Ops and third-party threat feeds.

If an Indicator of Compromise (IoC) exists in all the threat feeds, the firewall acts as follows based on the value you set for Action:

  • Log and drop: Drops the traffic, logs the event under MDR, and doesn't check the other threat feeds.
  • Log only or Monitor: Logs separate events for MDR, Sophos X-Ops, and third-party threat feeds.
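The evaluation order above can be modelled to predict which log events a test IoC should produce. This is an added example, not Sophos code. The action labels, function names and feed contents are hypothetical, and it assumes that an IoC present in only some feeds is handled by the first feed in the order that contains it.

```python
from dataclasses import dataclass, field

# Documented evaluation order: MDR first, then Sophos X-Ops, then third-party.
FEED_ORDER = ("MDR", "Sophos X-Ops", "Third-party")

# Hypothetical labels for the Action setting; "Log only" and "Monitor" behave alike.
DROP_ACTIONS = {"log_and_drop"}
LOG_ACTIONS = {"log_only", "monitor"}


@dataclass
class Verdict:
    dropped: bool
    events: list = field(default_factory=list)  # feeds that log an event, in order


def evaluate(ioc, feeds, action):
    """Return the expected verdict for `ioc`.

    feeds  -- dict mapping a feed name to a set of IoCs (constructed sample data)
    action -- one of the hypothetical labels defined above
    """
    if action not in DROP_ACTIONS | LOG_ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    events = []
    for name in FEED_ORDER:
        if ioc not in feeds.get(name, set()):
            continue
        events.append(name)
        if action in DROP_ACTIONS:
            # Traffic is dropped and the remaining feeds are not checked.
            return Verdict(dropped=True, events=events)
    # Log only / Monitor: one event per matching feed, traffic is not dropped.
    return Verdict(dropped=False, events=events)


# Constructed sample feeds; the domains are placeholders, not real indicators.
SAMPLE_FEEDS = {
    "MDR": {"bad.example"},
    "Sophos X-Ops": {"bad.example", "other.example"},
    "Third-party": {"bad.example"},
}

if __name__ == "__main__":
    for act in ("log_and_drop", "log_only"):
        print(act, evaluate("bad.example", SAMPLE_FEEDS, act))
```

Comparing the predicted events with what the firewall actually logs for a test indicator is a quick check that downstream alerting does not expect Sophos X-Ops or third-party events when the action is Log and drop.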